A steady stream of phishy emails

Phishing scams can scoop up valuable information with a single deceptive email, so it makes sense that they have long been a popular method for cybercriminals. And it’s likely to remain that way, at least for the time being.

Scott Gerlach is chief information security officer at SendGrid.

2018 proved that phishing campaigns’ popularity is holding steady. According to the Anti-Phishing Working Group (APWG), there were 264,483 unique phishing email reports in Q2 of last year. Two key sectors were the focus of some of these campaigns: healthcare organizations and universities. That’s because these organizations hold a treasure trove of valuable data, so serious damage can be done if a phishing scam puts this data in the wrong hands.

Take, for instance, a recent college graduate whose private information was compromised in a successful phishing scheme. As that graduate begins a career in an organization, he or she now poses a threat to the present company by potentially exposing it to a data breach.

Phishing attacks on healthcare companies may be even more dangerous, because the records involved in healthcare’s processes and procedures contain life-changing information. From payment data to insurance provider information, the potential swath of stolen patient information could put people at serious risk of identity theft. A study from the Ponemon Institute found 65 percent of medical identity theft victims spent an average of $13,500 to pay the healthcare bills fraudulently run up in their name.

The effectiveness of these attacks against these sectors this year makes us believe that the threat will show no signs of slowing in 2019. So organizations must prepare their employees for a continuous onslaught of sketchy emails.

Fighting the fines

One of the most impactful events of 2018 within the cybersecurity sphere was actually not a threat at all, but rather a policy designed to better protect people from threats. Its name: GDPR (General Data Protection Regulation). Its goal: give EU citizens more control over their personal data. Finally implemented on May 25, 2018, this legislation has brought forth a huge amount of positive change, forcing companies to entirely reevaluate their approach to data security and privacy in 2018.

But now that the dust has settled, and some potential fines have started rolling in, we predict that we’ll see companies fight back on the validity of these policy-related fines. That’s because when a business’s main offering isn’t technically a security offering, business leaders may start questioning what kind of security investment should be required of an organization. Moreover, some companies may call into question just how applicable EU regulation is around the world.

Building a secure future

Now, these predictions aren’t without corresponding security pointers as well. By anticipating what trends may emerge in 2019, we can also advise next steps for those they may impact.

To plan ahead for the future, you must first invest your time and energy into the right building blocks. When it comes to security specifically, that means the products and processes that are most effective for your company’s needs. Combat phishing with email solutions that deploy robust anti-phishing software and leverage a DMARC email validation system. And if you find yourself faced with a GDPR fine, make decisions based on what is best for your customers.

Equip your company with the right tools and knowledge it needs to head fearlessly into the new year, and security becomes an achievable resolution. Meet the predictions with preparedness.